e976dc27f8
GRUB netbuff structure members track 2 different things: the extent of memory allocated for the packet, and the extent of memory currently being worked on. This works out in the structure as follows: nb->head: beginning of the allocation nb->data: beginning of the working data nb->tail: end of the working data nb->end: end of the allocation The head and end pointers are set in grub_netbuff_alloc() and do not change. The data and tail pointers are initialised to point at start of the allocation (that is, head == data == tail initially), and are then manipulated by grub_netbuff_*() functions. Key functions are as follows: - grub_netbuff_put(): "put" more data into the packet - advance nb->tail - grub_netbuff_unput(): trim the tail of the packet - retract nb->tail - grub_netbuff_pull(): "consume" some packet data - advance nb->data - grub_netbuff_reserve(): reserve space for future headers - advance nb->data and nb->tail - grub_netbuff_push(): "un-consume" data to allow headers to be written - retract nb->data Each of those functions does some form of error checking. For example, grub_netbuff_put() does not allow nb->tail to exceed nb->end, and grub_netbuff_push() does not allow nb->data to be before nb->head. However, grub_netbuff_pull()'s error checking is a bit weird. It advances nb->data and checks that it does not exceed nb->end. That allows you to get into the situation where nb->data > nb->tail, which should not be. Make grub_netbuff_pull() check against both nb->tail and nb->end. In theory just checking against ->tail should be sufficient but the extra check should be cheap and seems like good defensive practice. Signed-off-by: Daniel Axtens <dja@axtens.net> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
134 lines
3.2 KiB
C
134 lines
3.2 KiB
C
/*
|
|
* GRUB -- GRand Unified Bootloader
|
|
* Copyright (C) 2010 Free Software Foundation, Inc.
|
|
*
|
|
* GRUB is free software: you can redistribute it and/or modify
|
|
* it under the terms of the GNU General Public License as published by
|
|
* the Free Software Foundation, either version 3 of the License, or
|
|
* (at your option) any later version.
|
|
*
|
|
* GRUB is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU General Public License
|
|
* along with GRUB. If not, see <http://www.gnu.org/licenses/>.
|
|
*/
|
|
|
|
#include <grub/err.h>
|
|
#include <grub/misc.h>
|
|
#include <grub/mm.h>
|
|
#include <grub/net/netbuff.h>
|
|
|
|
grub_err_t
|
|
grub_netbuff_put (struct grub_net_buff *nb, grub_size_t len)
|
|
{
|
|
nb->tail += len;
|
|
if (nb->tail > nb->end)
|
|
return grub_error (GRUB_ERR_BUG, "put out of the packet range.");
|
|
return GRUB_ERR_NONE;
|
|
}
|
|
|
|
grub_err_t
|
|
grub_netbuff_unput (struct grub_net_buff *nb, grub_size_t len)
|
|
{
|
|
nb->tail -= len;
|
|
if (nb->tail < nb->head)
|
|
return grub_error (GRUB_ERR_BUG,
|
|
"unput out of the packet range.");
|
|
return GRUB_ERR_NONE;
|
|
}
|
|
|
|
grub_err_t
|
|
grub_netbuff_push (struct grub_net_buff *nb, grub_size_t len)
|
|
{
|
|
nb->data -= len;
|
|
if (nb->data < nb->head)
|
|
return grub_error (GRUB_ERR_BUG,
|
|
"push out of the packet range.");
|
|
return GRUB_ERR_NONE;
|
|
}
|
|
|
|
grub_err_t
|
|
grub_netbuff_pull (struct grub_net_buff *nb, grub_size_t len)
|
|
{
|
|
nb->data += len;
|
|
if (nb->data > nb->end || nb->data > nb->tail)
|
|
return grub_error (GRUB_ERR_BUG,
|
|
"pull out of the packet range.");
|
|
return GRUB_ERR_NONE;
|
|
}
|
|
|
|
grub_err_t
|
|
grub_netbuff_reserve (struct grub_net_buff *nb, grub_size_t len)
|
|
{
|
|
nb->data += len;
|
|
nb->tail += len;
|
|
if ((nb->tail > nb->end) || (nb->data > nb->end))
|
|
return grub_error (GRUB_ERR_BUG,
|
|
"reserve out of the packet range.");
|
|
return GRUB_ERR_NONE;
|
|
}
|
|
|
|
struct grub_net_buff *
|
|
grub_netbuff_alloc (grub_size_t len)
|
|
{
|
|
struct grub_net_buff *nb;
|
|
void *data;
|
|
|
|
COMPILE_TIME_ASSERT (NETBUFF_ALIGN % sizeof (grub_properly_aligned_t) == 0);
|
|
|
|
if (len < NETBUFFMINLEN)
|
|
len = NETBUFFMINLEN;
|
|
|
|
len = ALIGN_UP (len, NETBUFF_ALIGN);
|
|
#ifdef GRUB_MACHINE_EMU
|
|
data = grub_malloc (len + sizeof (*nb));
|
|
#else
|
|
data = grub_memalign (NETBUFF_ALIGN, len + sizeof (*nb));
|
|
#endif
|
|
if (!data)
|
|
return NULL;
|
|
nb = (struct grub_net_buff *) ((grub_properly_aligned_t *) data
|
|
+ len / sizeof (grub_properly_aligned_t));
|
|
nb->head = nb->data = nb->tail = data;
|
|
nb->end = (grub_uint8_t *) nb;
|
|
return nb;
|
|
}
|
|
|
|
struct grub_net_buff *
|
|
grub_netbuff_make_pkt (grub_size_t len)
|
|
{
|
|
struct grub_net_buff *nb;
|
|
grub_err_t err;
|
|
nb = grub_netbuff_alloc (len + 512);
|
|
if (!nb)
|
|
return NULL;
|
|
err = grub_netbuff_reserve (nb, len + 512);
|
|
if (err)
|
|
goto fail;
|
|
err = grub_netbuff_push (nb, len);
|
|
if (err)
|
|
goto fail;
|
|
return nb;
|
|
fail:
|
|
grub_netbuff_free (nb);
|
|
return NULL;
|
|
}
|
|
|
|
void
|
|
grub_netbuff_free (struct grub_net_buff *nb)
|
|
{
|
|
if (!nb)
|
|
return;
|
|
grub_free (nb->head);
|
|
}
|
|
|
|
grub_err_t
|
|
grub_netbuff_clear (struct grub_net_buff *nb)
|
|
{
|
|
nb->data = nb->tail = nb->head;
|
|
return GRUB_ERR_NONE;
|
|
}
|